TMCnet News

Police e-mails were vulnerable to hackers' attack
[September 07, 2011]

Police e-mails were vulnerable to hackers' attack


Sep 07, 2011 (Fort Worth Star-Telegram - McClatchy-Tribune Information Services via COMTEX) -- Hackers who snooped on Texas police e-mails, including some local chiefs' messages, apparently didn't have to resort to sophisticated methods in their cyberattacks.



Instead, it appears that the hackers obtained e-mail addresses and passwords when they broke into the Texas Police Chiefs Association website Thursday. The association's executive director, James McLaughlin, said some of the targeted law enforcement agencies may have left themselves vulnerable by using the same e-mail addresses and passwords on the association's website that they use for personal or departmental accounts.

"It really goes back to the admonishment you hear over and over: Don't use your same password in multiple places, and change them every so often," McLaughlin said Tuesday.


The association's website was still down Tuesday. McLaughlin said an investigation is ongoing, but as far as "who, what, where, when and how, we don't know yet," he said.

He was unsure whether any sensitive information was released.

"We don't know what was in other people's sites that was displayed," he said.

Among those apparently attacked was David Henley, Northlake's police chief. The city is following state law by notifying individuals that their information in the account has been leaked or hacked, Mayor Peter Dewing said.

Henley's was the only Northlake account compromised, Dewing said.

He said the department's computer security measures comply with "current codes," However, he said, "We have our consultants looking at various measures that we might be able to implement to prevent this type of intrusion again." Saginaw Police Chief Roger Macon said hackers swiped about 20 e-mails involving personnel issues that have been resolved. The e-mails date to February, he said, and one involved a criminal case that had been closed.

While he "would just as soon not broadcast [them] on the Internet," he said, public servants are usually mindful of what they say in e-mails because they may be subject to public information laws.

"Ironically, they could have had ... a whole lot more [e-mails] just by sending a public information request," Macon said.

The attack reflects a trend toward cybercriminals hitting smaller -- and often less secure -- institutions, a security expert said.

The hacker group called Anonymous is suspected in the Texas attack. Its members have orchestrated a number of high-profile attacks.

Joseph Steinberg, a cybersecurity expert and CEO of Green Armor Solutions of Hackensack, N.J., said hackers can be dissuaded from attacking organizations with large security budgets. Increasingly, smaller organizations are targets because they're easier to crack.

"Smaller organizations, whether they be nonprofit businesses or government entities, really need to be assuming that they are targets rather than assume, 'Well, we're too small. No one has any desire to target us,'" Steinberg said.

He said keeping up to date with technology, having an expert review security, creating proper policies and limiting employee access to information are some easy steps to prevent breaches.

"It will always cost less if you do it proactively than if you get hacked and then have to do it afterwards reactively," he said.

Steinberg said he doubts that Anonymous is anything more than a loose confederation of hackers. Members have been arrested worldwide, and the FBI searched an Arlington home in July in connection to allegations that Anonymous hacked PayPal.

Agents searched the home of Peter and Valori Reid, in the 3400 block of Ainsworth Court in west Arlington, according to the search warrant affidavit. The couple have two children: Ethan, 19, and a high-school-age daughter who is not named in the affidavit.

The family has not responded to multiple messages seeking comment on the search. Nobody in the family has a criminal record, according to a search of public documents.

According to the affidavit, an Internet protocol address registered to Valori Reid, 48, sent 3,678 malicious network packets to the PayPal website over two hours and 39 minutes the night of Dec. 8-9. The packets contained the signature of a computer program believed to have been used by Anonymous for the attacks, the affidavit said.

Agents were looking for computer equipment, software, records and other material that may point to evidence in the PayPal attack, according to the affidavit.

Staff writer Patrick M. Walker contributed to this report.

Darren Barbee, 817-390-7126 ___ (c)2011 the Fort Worth Star-Telegram Visit the Fort Worth Star-Telegram at www.star-telegram.com Distributed by MCT Information Services

[ Back To TMCnet.com's Homepage ]